Avast Free Test failed

Hi,

I was running some tests on the Avast Free v17.3.2291 (I’ve just reinstalled it) and I tried to do these tests: https://www.avast.com/faq.php?article=AVKB32

However, the web shield worked. But the File System Shield did not worked. I have the component active. What could be wrong? I didn’t change any settings, it is out the box.

I have another question. Having an active firewall, it is necessary to have web shield active?

Thanks

To add another thing. The problem is the real time protection. If I scan the file manually, it detects.

Then it is working.
Remeber this is just a text string, not a executable file so you cant test all functions

The manual scan is working, but the real time protection apparently is not. In the Avast website there is a guide to test the real time protection (not manual scan). I’ve used the guide (again, from the Avast website) and it fails. How can I be sure that the real time projection is working since the test (provided by Avast) failed? Or the guide is wrong, or the real time projection is not working correctly.

Yes it is absolutely necessary to have the web shield enabled. Your own test shows that, the web shield test worked and your firewall didn’t bat an eyelid. They are looking for completely different things.

You don’t say what eicar file was being tested ?
Some won’t be scanned by the file system shield immediately as they don’t present an immediate risk eicar.txt or eicar.zip for example. But the context (right click) menu scan will scan all files.

Without more information it is almost impossible to say what happened.

This is the guide I used: https://www.avast.com/faq.php?article=AVKB32#idt_02

The step 4 failed. I’ve download the file normally, I even try to open the file, but no alert pop-up appeared. It should appear a pop-up, like it is described on the step 4: “An alert pop-up message appears above the Avast orange-ball icon with the text Threat Blocked, which indicates that Avast 2016 real-time protection is working properly on your computer.”

It it helps, I have windows 10. I’ve uninstalled and reinstalled and still didn’t worked.

Well I have just tested it using my system with 17.4.2292 (beta build) and the web shield off so it could be downloaded. I downloaded the http and https eicar.com files and no alert with the web shield off, which I expected. But no alert for new files being added to the system by the File System Shield.

Ordinarily I would expect the avast file system shield to scan a .com file, however it didn’t. But although it has a .com file extension it isn’t actually a .com file as it only has the eicar text string within the file, in effect just a text file.

Another hiccup (possibly), I have XP set to query the launch of all executable files and that stepped in before being able to run it.

I can only assume that avast is looking for the file type marker inside the file to indicate what file type it is rather than just look at the file name (which can easily be changed to fool users). This assumption needs clarification by avast.

Thank you for your replication of the issue. Avast should scan the new file, but it didn’t. I hope avast could shed some light on this.

That is intentional behaviour:

Two things:

  • If this is normal behavior, the guide made by Avast is wrong.
  • But, in the test I and DavidR made, we try to open the file and it didn’t alert it. It should detected when we try to open the file, right?

That is correct.

So there is a problem with File System Shield?

Give me a few minutes, I’ll test it and escalate to the devs if there’s a problem but it could just be the file as DavidR has said.

You’re welcome.

  1. Although my assumption needs clarification - avast will scan executable files that have had the file type changed to say a .txt file type as windows (I believe ) doesn’t rely on just the file type to see what should launch that file. If avast are doing this it is reasonable to believe they would do the same for .com files that are actually text files.

One thing for sure is it would be confusing for users if they start to run the eicar test.

  1. As Alikhan mentions it is reasonable to delay the scan when it is written to disk (as it isn’t active), but you experienced more than that it didn’t scan it when executed (also confirmed on my system).

If this is the current practice then avast needs to change the avastUI > Component > File System Shield settings as this states ‘Scan files when writing’ (default enabled). When a file is saved to disk (download) it is written to disk, so a user would expect it to be scanned.

There were some discussions about Avast failing to detect eicar, below comments are from these (old) topics.

@dcop7, are you using 64bit Windows?
On that case, see below comment (same as Alikhan wrote):

(Quoted from:
EICAR NOT DETECTED by File System Shield !?!?
https://forum.avast.com/index.php?topic=151146.msg1098104#msg1098104)

Even if you are using 32bit one, eicar sometimes cannot be detected, see this comment:

(Quoted from:
Eicar test fails on Avast Free
https://forum.avast.com/index.php?topic=64158.msg542311#msg542311)

Yes, I have 64bits Windows. I will try to copy the file from one folder to another and see. Thank you.

Thanks for digging this out - one thing for sure that FAQ https://www.avast.com/faq.php?article=AVKB32#idt_02 needs a complete upgrade as given what you have found makes it pretty much redundant. Other than the web shield getting involved, the rest the eicar.com tests are not worth

There are still a lot of people using 32bit OSes my XP Pro SP3 (test system) did execute (but lets say ran) so it should have detected the eicar string. My Win7 SP1 system is also 32bit. Only this win10 laptop is 64bit, but this system hasn’t been updated to avast 17.x.x

Perhaps avast should add .COM files to the list by default (or in an .ini file or behind the scenes), so users can run the set of eicar tests and get the expected results instead of a shock.

I’ve tried to copy the file to a folder to another and it didn’t detect anything. Also, I don’t have the option “Optimize scanning during file copy option” in File System Shield Settings / Advanced. I have (screenshot)